Posted by michael on Friday November 09, 2001 @08:49AM
from the what-you-dont-know-can-hurt-you dept.

Hairy1 writes: "The Council of Europe has been working on a Cyber Crime Treaty for some time. The final version is now available, and makes interesting reading." The submitter points out that treaty signers will be obligated to create legislation, as the UK already has, to force people to disclose passwords and encryption keys to the authorities. The U.S. may well sign this treaty - we've participated in the drafting process. On a slightly different note, people are up in arms because the European Patent Office has decided, apparently on its own, that software programs are patentable. Update: 11/09 15:23 GMT by M: A reader sent in this interesting bibliography of the treaty's history.

Another interesting aspect of this law is the potential for social engineering attacks. Imagine somebody posing as a government official telling somebody or some company to disclose their passwords or encryption keys?

In the USA, it's a felony to pretend to be a government official. Hopefully EU nations have thought of this scenario when drafting this treaty.

It may be a felony to pretend to be a government official, but for a government official to exceed his authority is usually quite safe. One would only be in danger if one's superiors wanted to "get" one for unrelated reasons. (Or if it became a political hot potato.)

The EU recently released a report encouraging business & individuals to encrypt data, as the Americans, and sympathetic governments (UK) can read it via Echelon. Now they are saying that once you've encrypted it, you have to give the passwords to...uh, the UK government!

It seems to me that a lot of times one part of the European government doesn't know what another part is doing..
What they are trying to do is
a) to protect European business interests (encouraging cryptography) to prevent the US from stealing information and
b) to protect European business interests by allowing companies to get patents for software products.. ?!
Sounds kind of weird.. I think the first thing (a) sounds very reasonable because it is proven that Echelon has been used for spying on allies after the end of the Cold War, but I don't know about (b).. There are enough legal instruments to protect software right now and considering the encryption key issue: The government has a right to get your key to decrypt data in criminal investigation, but at no other time and for no different purpose..

As far as I could see, i.e. decrypt the lawyer speak in the treaty investigators have to have what the lawyers in the US call "probable cause". This did not read like an open ticket to conduct surveillance on anyone at all for no particular reason other than that there is nothing to do at the Bin Laden desk at MI.6 HQ at the moment, you have picked your nose clean, and you are in the mood for reading some poor sod's personal E-Mail. In fact I like how far they went in the Child Pornography section in banning even "Over 18 looks like 14" stuff. I rather doubt that Tony Blair and his fellow slimers will be able to order say Siemens, Dupont or the Airbus consortium to hand over the keys to encrypted transmissions just so that HM government can brown nose Uncle Sam with nice data-morsels for Boeing or Motorola. But then who in the EU trusts the British anymore when it comes to keeping the lid on sensitive commercial data and not leaking to the US for Brownie Points?

As for Echelon the EU should kick the CIA/NSA listening stations out and set up their own. If the US wants access after that let them come asking for it. And that will happen sooner or later if the US keeps abusing ECHELON. Hell, even the Germans are planning their own spy satellites.

[quote]In fact I like the how far they went in the Child Pornography section in banning even "Over 18 looks like 14" stuff. [/quote]

It also states that anything that may be construed as looking like child pornography is illegal, which has been an issue with a lot of child pornography cases lately (ie 3d renderings or 2d computer drawings as opposed to actual images). Of course, the whole 'over 18 looks like 14' thing is based heavily on the person viewing the material. This is also why they specifically stated that the individual governments can decide not to enforce those last 2 clauses (the 'over 18 looks younger' portion and the 'looks like child pornography but is actually a computer generated image' portion).

This site [magnacartaplus.org] details RIP (the Regulation of Investigatory Powers Act (2000)), which has nothing to do with regulation, but which allows unwarranted searches of computer data, without the data holder's knowledge or permission.

Ok, I'm sure loads of other countries have participated, but it seems to me that this will be nothing but red tape to businesses.

As a citizen of "europe" I have yet to see the EU write one single peice of legislation that a) makes sense, b) actually has an effect other than to annoy people c) does any good. d) doesnt cost tonnes of money for sod all.

Don't get me wrong, I'm glad governments are trying to get a hand into formalising these sorts of things, but what we really need is competent people advising them. I mean, look at what incompetence in these matters [stand.org.uk] gave us the last time.

I have yet to see the EU write one single peice [sic] of legislation that a) makes sense, b) actually has an effect other than to annoy people c) does any good. d) doesnt cost tonnes [sic] of money for sod all.

Yeah, tell my French and Greek colleagues that... Open [eu.int] your [eu.int] eyes [eu.int], man. EU legislation is changing the way we live in Europe (our part of it, at least), and though it isn't always comfortable, it is very useful, makes sense, and often means less cost, less administration (true, the EU is very bureaucratic, but think of all the national institutions that are no longer needed due to the EU's multilateral institutions) and less annoyance (e.g. I'll be able to drive 45 mins. without having to exchange currency).

We have to "renew" our drivers licenses EVERY YEAR here (Saskatchewan, Canada) at a cost of about CDN$25 per year. No new driving test or anything each year, just sign the form and fork over the money.

As a citizen of "europe" I have yet to see the EU write one single peice of legislation that a) makes sense, b) actually has an effect other than to annoy people c) does any good. d) doesnt cost tonnes of money for sod all.

I am guessing that you are a UK citizen. Unfortunately certain sectors of the UK press take a delight in printing "Brussels demands straight bananas" type stories, and don't report all the other things the EU is doing.

Increasing co-operation and standardizing regulations between all the EU countries is, to say the least, a difficult thing to do. Each country has its own legal system, its own style of government, and in many cases its own language.

I do business between various EU countries so I am aware of the issues. The EU is doing a good and necessary job easing trade and legislation between all the countries of Europe. You say I have yet to see the EU write one single peice of legislation that a) makes sense, b) actually has an effect other than to annoy people c) does any good. d) doesnt cost tonnes of money for sod all - aren't you forgetting, for instance, the introduction of the Euro as the principal currency of most of the EU countries in just under two months time? That a) makes sense b) will have a profound effect on trade in the EU c) will greatly improve ease of trade and competitiveness and d) will greatly lower administration overheads and costs for nearly inter-EU trade.

I am guessing that you are a UK citizen. Unfortunately certain sectors of the UK press take a delight in printing "Brussels demands straight bananas" type stories, and don't report all the other things the EU is doing.

Indeed, it is a tradition of the UK press to be vigorous investigators of what those that pass laws are really up to. Just recently the head of the Scottish parliament had to step down for taking money for renting out office space that was being paid for by the government and pocketing the money. Unfortunately the EU has had a lot of problems, nepotism, cronyism, fraud, embezzlement etc etc and the only really positive thing is the single market, which seems to be more the product of individual governments than the EU apparatus. As for the single currency AKA the Euro, that has lost >20% of its value against the US Dollar since its launch, which means your money is worth less. Having chatted with bankers before the launch of the Euro, they said it would gain value, when I explained why the Euro was sure to be weak they laughed at me, so that's International Bankers 0 (except the guys at UBS-Warburg, they were as thick as pig shit, they get -666 Troll), analytical geek 1, then look at how the decisions of the European Central Bank are made, in secret, with representatives of different countries saying different things to the press/market, you only have to look at how one member was saying earlier this week that there would be no base rate cut and then there was one, do you think anyone is going to have confidence in this sort of doubletalk? No, obviously not. Then look at some of the EU's other policies, like the CAP (Common Agricultural Policy) which has kept inefficient farmers afloat by giving them subsidies and kept out cheaper imports from places like Poland, thus helping to keep the former Eastern Bloc dependent on basic commodity trading and organised crime to make money, then there is the Common Fisheries Policy that has helped drive down the fishing stocks in the North Sea to unsustainable levels while not punishing those that catch undersized (i.e. immature and therefore non-breeding) fish thus helping to kill the fishing stocks even further.

Then there is the "democratic deficit", i.e. the fact that only the European Parliament is elected and not the Commission hence a lot of the corruption and other misdeeds. I personally can't see the point in it at all, just another layer of petty bureaucrats, if you can point to one important thing the EU has achieved I'd love to hear about it, and by important I mean life changing in a positive way.

Each country has its own legal system, its own style of government, and in many cases its own language.

You hit the nail on the head there. To have a unified system, you need to start at the bottom, with language, unfortunately that is politically unacceptable (do you remember when English words were banned by the French?), so they build on quicksand instead. At some point people will start to use the differences in language to drive trucks through some of the laws, and I will laugh my arse off.

I do business between various EU countries so I am aware of the issues.

Yeah the most fun one I have come across is regarding having paid VAT (Value Added Tax) on a boat that I sailed across to Holland, if you do not produce a VAT receipt they impound your boat, if the company you bought it from is no longer in business and you don't have the receipt pay up or get impounded, repeat until made bankrupt.

The EU is doing a good and necessary job easing trade and legislation between all the countries of Europe.

Yeah, I mean it's not like the WTO is there as a global organisation to do that.

- aren't you forgetting, for instance, the introduction of the Euro as the principal currency of most of the EU countries in just under two months time? That a) makes sense b) will have a profound effect on trade in the EU c) will greatly improve ease of trade and competitiveness and d) will greatly lower administration overheads and costs for nearly inter-EU trade.

The Euro is transferring risk of exchange rate fluctuations from companies doing business inside Europe to the EU as a block, before if one country was doing badly its exchange rate would be affected, now it affects everyone else, as there is no real accountability this can go on and on taking the life out of the Eurozone economies by hitting confidence that anything will be sorted out. If you wanted to do the project right, you start from a common language, then common laws created by forming a "superstate" and doing away with national democracies, having common tax, defence, and foreign relations policies, common defence and common currency, if you did that, it would work. Right now we have already seen the strains that Ireland and Italy have had on the project and it's not looking good. As there is no strategy for unwinding the Euro as a currency and going back to national currencies it means there is no way out, if the markets get fed up of the BS coming out of the EU and the Central Bank the currency could take a nose dive, imagine if the Euro was worth the same as a Rupee, how would that hit you? The EU was born of protectionism (it was originally about protecting coal and steel industries) and the Euro was born out of political fudging (the Euro was originally drafted as a "common currency", Maggie Thatcher got some things changed in the negotiations for the Treaty and for that some other leaders changed "common" to "single" for the currency, so instead of just having a common currency that could be used as alternative to national currencies it became a single one that all had to bow down to).

but a software implementation of an invention does not render the invention unpatentable either.

All this latest directive does is clarify that an implementation in software has no effect on an invention's patentability: If you could get a patent on a method for doing something by using LEGO bricks, you could likewise get a patent on a method for doing the same thing using software.

If you could get a patent on a method for doing something by using LEGO bricks, you could likewise get a patent on a method for doing the same thing using software.

The big deal is where we draw the line. Do we draw it anywhere or is everything patentable? Do you think patents benefit small inventors and society, or have you been told this. Knowing and being told are very different things.

If you could get a patent on a method for doing something by using LEGO bricks, you could likewise get a patent on a method for doing the same thing using software.

What's the big deal?

This is more or less how software patents are supposed to work over here in the U.S., too. However, because the PTO has pathetically little software expertise, the result is that you can patent pretty much any stupid idea that is obvious to everyone else if your patent description ends with "...on a computer!"

The other big problem with this is that the patent system is explicitly not supposed to cover algorithms or mathematical formulae, because these are deemed fundamental properties of nature. However, patenting software is a surprisingly easy backdoor to patenting algorithms. E.g. RSA Data Security and the RSA patent which held back public key cryptography by a decade or more, and would have been worse if RSA had succeeded in convincing the PTO that their patent actually covers all forms of PK crypto.

This is more or less how software patents are supposed to work over here in the U.S., too. However, because the PTO has pathetically little software expertise, the result is that you can patent pretty much any stupid idea that is obvious to everyone else if your patent description ends with "...on a computer!"

But the PTO will eventually have a vast store of software experience. They've been making movements to hire more examiners with a CS background. In the meantime, software patents which should be invalid can be invalidated in court. If the patent is a stupid idea, then challenge it and get it overturned. By stupid idea, I assume you mean an "obvious" idea, if by stupid you mean "economically wasteful" then who cares if they have a patent. A patent on something truly trivial should have no value to the patent holder and no effect on the world.

The other big problem with this is that the patent system is explicitly not supposed to cover algorithms or mathematical formulae, because these are deemed fundamental properties of nature. However, patenting software is a surprisingly easy backdoor to patenting algorithms.

It is and it isn't. The idea that algorithms can't be patentable is an oversimplification of a string of Supreme Court decisions which don't necessarily say that "algorithms are not patentable." The first software case was really Gottschalk v. Benson (409 US 63, 1972) which affirmed denial of a patent on a program which converted binary numbers to decimal. The Court should have struck down the patent on grounds of obviousness, but didn't, and that mistake is probably why we have a patent mess today. The more recent case of State Street Financial Trust v. Signature Financial Group (149 F.3d 1368, 1998) proposes that algorithms are patentable so long as the numbers mean something. In that case, the numbers were money.

That distinction is made to avoid the decision in Benson, but if you're saying it doesn't make much logical sense, I agree. I think patenting software should be allowed, but examiners should be better trained to recognize obviousness. I think in the long run (say 10-20 years) that will happen. And the Jeff Bezos of the world will have their patents struck down in the meantime.

I find precious little evidence that the US PTO wants to improve its handling of patents. It seems to be rathe a case of, to paraphrase a Bell executive, "We're a monopoly, we don't have to care."

Experience can't make up for lack of interest in quality. And that's what the US PTO has been exhibiting to increasing degree the last couple of decades (possibly longer, judging by earlier reports, but I wasn't watching then, so I can't tell whether or not this is just a continuation of a longer trend).

This is only to be expected. Monopolies, whether commercial or governmental, tend to develop in the same way. Expect things to get worse. The only way to really improve something in this mess is to adopt the "waterfall development model" and start a new design from scratch, based on what has been learned from the prior design.

I find precious little evidence that the US PTO wants to improve its handling of patents.

Look at http://www.uspto.gov/web/offices/ac/ahrpa/ohr/jobs/jobs.htm which is the patent office's hiring page. It seems they're only hiring people in areas of new technology. I would call that wanting to improve handling.

It seems to be rathe[r] a case of, to paraphrase a Bell executive, "We're a monopoly, we don't have to care."
Experience can't make up for lack of interest in quality. And that's what the US PTO has been exhibiting to increasing degree the last couple of decades

What does that even mean? It is not the job of the patent office to evaluate quality. For one thing, if they were evaluating quality, the very definition of quality could be used nefariously to control what gets patented. Say, for example, that you create a device which has bad uses and good uses, for example, a machine to encrypt messages. Does that machine have low quality since it can be used for bad things? What if the machine is inefficient, is it of low quality?

Monopolies, whether commercial or governmental, tend to develop in the same way.

And what does that mean? You don't like the patent office's monopoly on granting patents? Or perhaps you don't like patents period? You must remember that patents are a time limited monopoly. They are economic tools, and if you really want to use something patented BUY IT. Buy the patent, buy the rights to use the patent. If it is so important to you, put your money where your mouth is. Businesses have patents to make money. Period. If you can offer them enough money, they'll sell it to you. If it's worth it for society as a whole (or universities or whatever) to have the patent, then society (or universities or whatever) should just buy the thing.

You are right! It seems to me people have a problem distinguishing between getting a patent:

for a method to implement an algorithm in software

and getting a patent that covers not only one's own implementation of the algorithm but also all other possible implementations.

The former is sensible. Why should one not be able to enjoy the fruits of developing a particularly efficient method to code a certain algorithm? People get patents for implementing algorithms in hardware all the time. What is an FPU anyway other than a bunch of algorithms implemented in Hardware? So why not patents on methods to implement algorithms in software?

The latter however is stupid because it means that anyone who develops a method to code the same algorithm one has patented no matter how different his method's design is from one's own will be violating one's patent.

It is silly to write off the concept of Software patents in general just because a few brain-donors want to use them to monopolize common well known algorithms.

Actually the RSA patent should never have been issued as some geeks at GCHQ (the British equivalent of the NSA) had thought up the idea years before RSA, they didn't patent it as it was ultra-top-secret, but it was prior art nonetheless; see here [cryptosoft.com]

On November 13 the EU Parliament will vote on the proposal for a European Parliament and Council directive concerning the processing of personal data and the protection of privacy in the electronic communications sector. Read the report here [eu.int]. If passed it would make it illegal to identify users on the internet without their permission. Keep your fingers crossed.

If software becomes a patentable, er... commodity, what implications will this have for free software? Will the length of legal disclaimers attached to code eventually be greater than the code itself?
And everyone fighting against encryption... it's a losing battle. "Criminals" don't exactly pay attention to "the law", and if they're not completely braindead and know that a given piece of encryption software is crippled by the fact that the government has the keys to the backdoor, don't you think that they'll either use something else or maybe just not incriminate themselves via any digital media? Law-abiding citizens are the only ones that lose here, unless you like the idea of every Jane Government sticking their nose in your business whether you've done anything wrong or not.
On the bright side, if software becomes patentable, maybe this will strengthen the notion of Code As Speech in the US courts? I sure hope that the US legislators in charge of ratifying this bill (are there any? what body would be in charge of this?) run this by the RIAA and MPAA before they sign it.

I always thought that people who really want to do illegal stuff wouldn't be brainless enough to use the current existing encryption methods. Why even something like a Morse-code-over-ping (ping... ping ping... ping... ping ping ping... you get the idea) could transmit some information which outsiders have entirely no idea what it is.

Conversely, this thing is great for governments to audit suspicious people who might be going to do something potentially politically harmful to the government (good intention or not, like trying to overthrow the govt. or maybe just opposing some evil government policies) by checking his emails and stuff, and if he is then get him into jail or whatever. Kind of like what China was famous for, except it seems that those countries that are famous for bashing China for this are enforcing these laws.

And for software patents... well, does this mean patenting the source code or the design/look of it? I always thought that patents are a bit silly anyway... and the patent office is nice enough to let people patent the wheel. oh well...

I don't know, just hope that my place doesn't get polluted with these dirty issues. It's not very nice to know that our govt. might be implementing these "features" in seeing that these "advanced countries" are using it as well (AFAIK we don't have these things here yet... lucky me;-)

The US didn't help write the treaty. The US DOJ wrote the damn legislation. This is what is called "policy laundering" in Washington. If you can't pass the surveillance powers you want in the US, just shop the same provisions around in a treaty in other countries.

Look, They can regulate to their hearts' content on transmission of stuff over the internet, But How the Heck can they now tell me my computer, and notably the hard drives, are subject to search and seizure, and that I am REQUIRED to protect the information they want on MY OWN PROPERTY.

Don't get me wrong - child porn is bad, But taking away my rights to my own property is NOT the way to stop it. By all means, monitor for child porn, nail the ftp sites that host it, but stay the hell away from my hard drive.

Can you patent a string of numbers, or one very large number (depending on interpretation)?

An assembler or compiler is merely a filter for some text. This number when transferred to another processor type will generate completely different results, most likely garbage. Clearly the object code means different things to different processors, so they can't use binary.

Source code? Well that doesn't actually do anything other than represent algorithms, or thought process (pseudo code); which in turn represents free speech. You know, that thing the US used to have.

All patents are 'strings of numbers'. That is, all of them can be represented as data. (otherwise a patent database would be kind of difficult, eh?)

Genetic patents are patents on 'strings of numbers.'

Even most devices nowadays are designed using CAD type tools, meaning that they are simply strings of numbers as well. The fact that something can be represented numerically doesn't really have any bearing on anything.

There's a difference here. The CAD machines are designed to give instructions about how to construct real machines. Just as specialized circuits like video cards are real machines. That is different from taking a machine that already exists (a computer) and then flipping some switches in it (programming it) and then letting it operate. You never get outside of the operation of the computer itself...you are merely using the computer. Now, if you want to create a robotic fabricator attached to a computer and this fabricator uses algorithms to make real product X, I have no problem with patenting the whole system...as long as you are actually building something to go along with the system. Taking two or more common machines and attaching them using standard cables and attachments, and then saying you made a "new machine" is bullshit. You should have to actually create something and not just use things that exist in ways they were designed to be used.

In any case, pure algorithms should never be patentable, so if you have some new algorithm for your fabricator, anyone in the whole world should be allowed to use a similar or exact algorithm (if they code it themselves) to do what they want, including building another fabricator, as long as their fabricator is different enough from the original one. It should never be the case that someone can get a patent for something that can be stored purely as software, nor should anyone ever get sued merely for typing things into a general-purpose computer and distributing them.

Another example, if you want to make a system for facial recognition, that's fine. However, whatever you do should never be able to stop anyone else from taking a bunch of computers networked as they see fit attached to standard cameras that take pictures that get sent to the database to be checked against the face database using any algorithms whatsoever. The only thing your patent should cover is your precise implementation of the hardware you create, and you should not be able to get a patent just for pushing bits around in standard hardware attached using standard hookups between devices with whatever software you desire running the underlying system.

I thought the U.S. had decided a few centuries ago to do without European legislation. I suppose I was wrong, as it appears that the U.S. Federal Government is now using the European federal legislative body to create law here in the U.S., via treaty.

So all we need now is for Saddam to launch a Nuclear missile and a massive fire to wipe out half the planet's petroleum. Maybe then the U.S. will stop behaving like big babies who are in fear of losing their toys!

... treaty signers will be obligated to create legislation, as the UK already has, to force people to disclose passwords and encryption keys to the authorities. The U.S. may well sign this treaty - we've participated in the drafting process.

You would think that a law like this would violate everyone's '5th Amendment Rights':

nor shall be compelled in any criminal case to be a witness against himself... full text [cornell.edu].

Being forced to disclose passwords to authorities, IMHO, would be equivalent to testifying against yourself...

... treaty signers will be obligated to create legislation, as the UK already has, to force people to disclose passwords and encryption keys to the authorities. The U.S. may well sign this treaty - we've participated in the drafting process.

You would think that a law like this would violate everyone's '5th Amendment Rights':

nor shall be compelled in any criminal case to be a witness against himself... full text [cornell.edu].

Being forced to disclose passwords to authorities, IMHO, would be equivalent to testifying against yourself...

Here's an even more disturbing part (from Article VI) of the Constitution that may mean that it doesn't, even theoretically, matter whether the government is forcing you to testify against yourself:

This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.

(emphasis added) Unless the U.S. Supreme Court has ruled that Constitutional amendments cannot be superseded by international treaties, by ratifying this treaty the U.S. Senate would in fact be directly taking away your rights. (If anyone does know of some precedent surrounding this article one way or the other, I'm sure it would be greatly appreciated by the Slashdot community) One wouldn't have a prayer of overturning this in the courts, since the judge would for all intents and purposes not even be allowed to take constitutionality into account. Pretty scary, huh?

Similarly, I fear that getting rid of provisions of the DMCA specified in the WIPO treaty won't be as easy as finding a reasonable judge and having him cast the "unconstitutional" spell on the law to make it go away. At least that treaty, however, allows nations to break it upon providing a certain amount of advance notice (1 year I believe), but that would involve going to the same people who ratified it in the first place...

This provision in the Constitution is why we Americans need to keep pressure on the President and Senate to ensure that treaties that take away Americans' civil liberties like this will not be tolerated by the American public. Unfortunately most of the American public doesn't care about these liberties and probably won't until they're all gone. We need to start teaching others why these treaties and domestic laws like SSSCA are so evil and we need to do it soon, otherwise we'll have no rights to try to defend anymore.

Several replies to this post have opined that disclosing one's password would not constitute self-incrimination. In fact, Findlaw's Constitutional annotations [findlaw.com] clearly show that "The privilege afforded not only extends to answers that would in themselves support a conviction... but likewise embraces those which would furnish a link in the chain of evidence needed to prosecute."

So you can take the fifth on disclosing your password if the following conditions are met:

It must be plausible to the judge that your answer could incriminate you.

You must take the fifth at the beginning of the line of questioning: "One must explicitly claim his privilege or he will be deemed to have waived it, and waiver may be found where the witness has answered some preliminary questions but desires to stop at a certain point."

The legal theory behind this law is that the encryption around a file is equivalent to a safe holding a document. If the authorities have a warrant to search the contents of that safe (or the contents of that location, for that matter), they will ask you for the key.

The difference is, of course, that if you don't give them the key, they can cut open a safe. With data under a high level of encryption, they can go spit. So instead, a judge issues an order requiring you to disclose your password, and if you refuse, you're held in contempt and jailed indefinitely. Never mind the conflict with the 5th Amendment; they want to search your (virtual) personal papers, and you aren't allowed to stop them.

(As an aside: The FBI wanted passwords to files they got from Kevin Mitnick's hard drive, the last time they caught him. Mitnick refused to provide them... But on Mitnick's release, the judge ruled that Mitnick couldn't have his files back, since he couldn't prove they didn't contain pirated information. I'd call it a violation of 4th Amendment rights.)

As to whether such a law would hold up in court, for that we'll just have to wait.

Being forced to disclose passwords to authorities, IMHO, would be equivalent to testifying against yourself...

Err not in mine...

IANAL, but if police have a search warrant, and you have documents in a safe, you'd be required to give them the combination. It's the same thing here.

If you state "these are all mine, and nobody else could possibly have planted them there" then yeah, you're testifying against yourself.

But if you claim that the files aren't yours, or say nothing, the prosecution would have the burden of proof, and the fact that you provided passwords would be inadmissible, as you had been compelled to do so.

That writ says NOTHING! I read it to article 9 and didn't see anything resembling a real statement for or against something. Each and every passage that really says something "may or may not" be implemented by "a party". I'm considering moving to a place where there are real LAWS not lax guidelines. When I'm being shot for something, I want to know WHY!

If it is true that the treaty forces countries to create legislation that makes it illegal to not provide keys on demand, how could the U.S. possibly sign this since the treaty? The 5th amendment prevents the gov't from forcing a person to testify against themselves. I believe that Mitnick used the 5th amend. to keep his encryption keys secret. I think that it was even discussed on slashdot a while back too.

Sorry, I don't want to sound like flame-bait but I must chuckle at your nievety! (sp)

The 5th amendment only applies in the US!
If the US applied its own laws (including the 5th amendment) to other citizens of the world then maybe the US wouldn't have such a sh*te foreign policy. (And I didn't say anything about Afghanistan!)

My main point however is that the US uses this to its advantage. Since it is illegal for the US gov. to spy on its own citizens, it gets the UK to do it for them. Since it is illegal (atm) for the UK to spy on its citizens it gets the US to do it for them. They then simply swap the information.

And no, I haven't been reading alt.conspiracy! This was mentioned in the European Parliament's report into ECHELON.

Sorry, I must not have been clear in my first sentence. I was in a hurry. This is the key part. I've included my mistakes in wording as well "how could the U.S. possibly sign this since the treaty?" I should have removed the "this since". The U.S. couldn't sign on to this treaty and then enact legislation to force citizens to testify against themselves. It may go to court, but hopefully the court wouldn't uphold it.

That sentence was the whole point. The 5th amendment does only apply in the U.S. I was responding to "The U.S. may well sign this treaty - we've participated in the drafting process."

Of course, since those from the U.S. that are participating know that they would be circumventing the 5th amendment, they are probably using the E.U. to further their own cause. It would be in the U.S.'s best interest, as you have noted, to have the E.U. pass this and force the participating countries to enact legislation. This sort of applies to not only what you were describing, but the U.S. could apply pressure to these countries to get the keys of its citizens to further its own law enforcement efforts abroad. I'm sure that this would prove useful in the terrorist situations but in others as well.

According to the US constitution, treaties signed by the US are supposed to have the same weight as the constitution itself. Of course, the founding fathers probably

from Article VI:
This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.

the European Patent Office just published a new examination directive which extends the realm of the European patent practice to software, business methods and mathematics.

Patenting mathematics is outright crazy. It's the same sort of crazy that allows the patenting of software, but in the past one could always say: patenting algorithms is like patenting mathematics, and thus clearly nonsense. reductio ad absurdum has come along and bit us all on the arse.

Trying to imagine a world where mathematics is patentable is both hard and disturbing. Can you imagine if only licensed physicists were allowed to use Hilbert space theory? If one needed to pay a levy every time one used Shannon's law to help design a product? Where would we be if the finite element methods could only be applied to engineering analyses with the blessings of its creators?

How much mathematical progress would be made, if every mathematician had to check whether the work they were building on was patent-encumbered? If every publication had to first get the approval of some patent holders, with the possibility of a required payment?

It quickly gets surreal. Many statements in mathematics are equivalent when viewed in the appropriate fashion. Many too are based on certain sets of axioms. What does patentable mean when viewed in this light?

This to me is a clear sign that extreme IP advocates have just completely lost the plot.

The "great mathematician" Roger Penrose already has patented some mathematics, a tessellation he discovered, IIRC. Not that anyone else might have discovered it before, but when you're a respected public figure and have the wherewithal to get your stuff published, and people (who don't know any better) listen to you and accept what you say by default...

It does appear though, that this is a copyright issue rather than a patent one. Copyright has long been applicable to mathematical papers and diagrams (for good or ill), and has far less damaging potential consequences than patenting.

Yes, but if there is a diagram that is useful to explain or understand a subject, or there is a paper which explains it well, but they are copyrighted, you can redraw the diagram or rewrite the paper. You cannot copyright ideas, only implementations. If they are patented then you cannot.

The EuroLinux article links to a French version of the text; an English version [epo.co.at] can be obtained by changing the "f" to an "e" (or following my link).

Here's the part on Mathematics:

These are a particular example of the principle that purely abstract or intellectual methods are not patentable. For example, a shortcut method of division would not be patentable but a calculating machine constructed to operate accordingly may well be patentable. A mathematical method for designing electrical filters is not patentable; nevertheless filters designed according to this method would not be excluded from patentability by Art. 52(2) and (3).

First, note that the Patent office, evidently not being staffed by mathematicians, believe that they have not rendered mathematics patentable. Or, in other words, explanation-free protests based on the statement that they have will only confuse them, and cause them to distrust the protesters. After all, "These are a particular example of the principle that purely abstract or intellectual methods are not patentable."

I see three problems with this:

"Purely abstract or intellectual methods" often are algorithms. For example, we tend to express the mathematical concept of "graph reachability" as the algorithm that tells us whether a given node is reachable from another. It can be defined other ways (including second order existential logic), but we tend to think of it algorithmically first, moreso for complicated properties.

Therefore, despite protests from the Patent Office that mathematics are not patentable, damn near every discrete mathematics definition and algorithm is patentable, or close enough that the prospect of fighting a patent would scare anybody.

"A mathematical method for designing electrical filters is not patentable; nevertheless filters designed according to this method would not be excluded from patentability by Art. 52(2) and (3)." Functions are only relevant in terms of the results. (Merely specifying a domain is rarely useful.) If one can create a mathematic concept, then proceed to creatively patent the (useful, for the Patent Office's amazingly low standard of "useful") results that can come from concept and associated functions, then the only useful part of the concept is effectively patented. Combine this with the next problem ->

An increasing amount of math is taking place on computers. For instance, the famous and important 4-Color problem was proven by a computer. This will only increase over time. Therefore, there may be no difference between the abstract math and the concrete implementation, which means there is no difference between patenting math and patenting an algorithm.

Remember that as you protest to the EU. They don't speak our language and, frankly, they don't know jack shit about math. And it shows. They honestly think that under these rules, math is still unpatentable.

(And frankly, I don't think we stand a chance in Hades of convincing them otherwise. The more ignorant you are, the more you think you know on a given topic, and I'd lay money these people honestly believe they know mathematics. Which means they will not listen to people like us.)

I don't think reasons 1. and 2. hold up with careful thought, as the application is still the driving force for obtaining the patent. In the case of 1, expression in any form under current law in all countries I am aware of is not patentable, regardless of the form of its notation. As far as 2. goes, who cares? If you are clever enough to discover all potential uses of a basic, fundamental mathematical result and gain patents on their implementations, you deserve the gains from your hard work and cleverness, so long as the coverage is not overly broad for the uses you bring to the Patent Office.

However reason 3. is very valid - in a practical sense a patent on a computer based use of an algorithm is often a patent on the algorithm itself for all practical purposes. This is the weakness - overly broad coverage for the applicative use of an algorithm on a computer can turn into an effective patent for that algorithm.

As we all know, wherever America goes, Europe gets dragged along kicking and screaming!
However, I definitely couldn't imagine the Dutch or the Danes going along with such draconian anti-privacy laws, even if we in the UK seem complacent about our privacy and rights.

First, remember that the Council of Europe is not the EU. It doesn't even have the same members. Just because this organisation passes a stupid law, doesn't mean the EU is evil, and doesn't mean the EU is contradicting itself.

Second, the Council of Europe didn't write this law, the US did; as such, I wouldn't expect many (if any) continental EU countries to sign it, especially considering it may contradict some of their EU responsibilities and they'd rather be part of the EU than pass this law.

Third, if they somehow did pass this law, we could always create a country in Antarctica.

if they somehow did pass this law, we could always create a country in Antarctica.

Where? Big sectors of Antarctica are claimed by countries (some from the Southern Hemisphere, but also many EU countries). They are held back because of the Antarctic Treaty, but if the treaty is broken, these countries are going to claim First Post! And they (at least some of them) have the resources to back their claims.

History shows that eventually the country will become independent. Look at India, Australia, Canada, all the Latin American countries, etc. There was a huge distance between the ruler and the territory, and eventually the ruler (Spain, Portugal or Britain) just gave up and let the territory rule itself. Seeing how few people would want to live in Antarctica (climate) anyway, few countries would care about keeping it as long as they had scientific observation rights.

I don't agree.
India was closer to Britain in 1948 than in 1800, either by Suez or by plane. California is ruled now from DC.

I don't see any inexorable law that predicts independence.

few countries would care about keeping it as long as they had scientific observation rights.

Its natural resources (coal, oil?, ores) are untouched. What saves Antarctica, apart from the small influence that shame and peer pressure can have on governments and companies, is that exploiting it is not yet profitable.

Any investigating authority worth their salt would keep a copy of the original encrypted data before asking you for your key anyway so I doubt this would help much..."OK, Joe, let's try again with the REAL key this time shall we..or should we assume you are withholding it?".

Probably, but if I were really paranoid, no password would work on any data that had been removed from its original machine. Thus, the destruct password would always work, or the original password would be the destruct password on the investigating authority's machine.

On the other hand you could introduce a false key, such that any encrypted data you send has two possible plaintexts.

Yes, they could probably assign a probability that some other message is also encoded in the cyphertext, but could they prove it?

Also isn't there something about law enforcement not being able to break the law in order to defend it? If a "don't copy bit" is set in the cyphertext, I wonder if you could argue that law enforcement violated the DMCA (or the local analogous law) by creating a backup copy of the potential evidence.

Best Practices says that if your password or keys are compromised, you need to change them as soon as possible.

Of course, the authorities may have already backed up your data. And the new password can be compelled out of you by various means. (So-called "rubber hose cryptography", as in, "We beat the password out of him with a rubber hose.")

So you use a cryptographic filesystem [rubberhose.org] that has several passwords. One retrieves mildly incriminating data, and another one gets the real data. So you can look like you complied but it doesn't do them any good.

To be honest.. I find the whole RIP bill disgusting.. It's a complete violation of your privacy.. but saying this is nothing new and I won't go there..

One thing I've noticed though, is the amount of UK ISPs (Freeserve, AOL to name two), to me, seem to be abusing their shadow proxies (cisco cache engines I presume)..

For, whilst using AOL or FreeServe, you try and telnet to _any_ outside mailserver on port 25, you get their mailserver. It's actually _impossible_ to get to any other SMTP service whilst dialled-up with one of these ISPs.

Now, sure this could be because they're attempting to optimize their network, but on the other hand, they could have their SMTP relays configured to store/cache messages locally - ideal for RIP bill investigations..

For, whilst using AOL or FreeServe, you try and telnet to _any_ outside mailserver on port 25, you get their mailserver. It's actually _impossible_ to get to any other SMTP service whilst dialled-up with one of these ISPs.

This has always been true with Freeserve, ever since it started up a few years ago. It's got nothing to do with RIP, it's an anti-spam measure. Freeserve introduced it because they were the first large scale "free" ISP in the UK, and didn't want to become a magnet for spammers.

When the patent is granted for an algorithm, the public patent documents will reveal the algorithm in some form, maybe source code. That's the deal with patents. The inventor reveals their "secrets" in exchange for a limited-term government-granted monopoly. You can't infringe on the patent unless you apply the algorithm. In fact, if you can figure out a way to apply the algorithm to solve a problem not covered in the original patent, you can get your own patent for that new application.

The California appeals court ruled that source code is protected free speech in much the same spirit. Source code is protected speech for purposes of discussing the algorithm. Is it efficient? Does it have weaknesses? They did not rule that it is legal to compile the source and execute it to (in the DeCSS case) decrypt a DVD VOB.

No big news. It seems to me it is just giving European countries the right to patent software (think US patent office). Until now this was not possible in Europe, although you could still file a US patent. It's just *ANOTHER* example of Europe playing catch-up to the US decades later.

A big problem with the big(gest hehe) European software company I work for is that since software has always been unpatentable in Europe, we are getting creamed with infringement claims from US companies. The patent game for big corporations consists of:

Bloated Software Company A: "Hey, we have a patent on that! Pay us money or we'll sue!"

Article 3 Illegal interception
Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

Given the number of organisations that the UK government is planning to give access to your IT data under "anti terrorist legislation" (eg Guardian article [guardian.co.uk]), this will surely require some tricky legal manoeuvres to get every man and his dog working for the government classed as "with right" to intercept?

Also, it'll be interesting to see how the data that the ISPs are being told to collect for "anti terrorist" means will be classed as "with right" to intercept, given the provisions in the human rights act on privacy...

First, governments cooperate on creating a treaty with provisions that would never pass muster with the folks back home if they tried to pass it directly. Once signed, they then work to pass laws implementing the treaty. If people complain about the provisions, the lawmakers disclaim responsibility, saying they have to do this to comply with the treaty.

It HAS happened and It DOES happen, EXACTLY like this. Let's not get fooled again.

What effect might this have down the road on the few countries like Bulgaria where neither the culture nor the law recognizes things like copyright protection? If one of these countries wishes to join, what laws will be imposed upon them?

From the bibliography [wildernesscoast.org] link above (one of the very earliest entries at bottom of the page):

By Steve Gold, Newsbytes Special to the E-Commerce Times, January 14, 2000
Unconfirmed reports circulating on the Usenet suggest that the U.S. government is working with the European Union (EU), Japan, Canada and other countries, including South Africa, on a draft cybercrime treaty that would try to ban hacking and Internet eavesdropping utilities.

Interesting how only the powers that be should now be allowed [loc.gov] to eavesdrop and crack into computer systems, even though they're so intent on making it illegal for everyone else.

It's too bad that we have to trust a bunch of mostly technologically uninformed politicians to draft law these days. I'm sure their intentions are all good in trying to prevent terrorism, but sadly they've been duped, like much of American society, into believing that government can provide us with safety and security in all aspects of life. Unfortunately, in this effort to provide a safe and secure country, our liberties are getting trampled on in the process.

Jesus, and I was thinking that if things got any worse in the U.S. I might take my family and emigrate someplace sane, like Holland. But that won't work if Holland, through the EU, starts signing up for the same insanity the U.S. government seems so enamored of.

It would work like this: Take two plaintext messages -- one innocuous and one more, um, poignant. Encode both, using different keys, into a single ciphertext. If the authorities intercept it and demand the key, just give them the one that decrypts the innocuous message, leaving the other one safely hidden.
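The "two possible plaintexts" idea raised in the comments above, shown with a one-time pad as an added illustration (not code from any commenter and not how the Rubberhose filesystem works). Function names and the sample messages are constructed for this example; it shows why a key that yields a plausible plaintext says nothing about whether another plaintext exists.

```python
import secrets

BLOCK = 16  # ciphertext is padded to a multiple of this, hiding exact lengths


def pad(msg: bytes, size: int) -> bytes:
    """2-byte big-endian length prefix, the message, then zero fill."""
    if len(msg) + 2 > size:
        raise ValueError("message does not fit in the padded size")
    return len(msg).to_bytes(2, "big") + msg + bytes(size - 2 - len(msg))


def unpad(padded: bytes) -> bytes:
    n = int.from_bytes(padded[:2], "big")
    if n > len(padded) - 2:
        raise ValueError("length prefix is inconsistent with the data")
    return padded[2:2 + n]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("one-time pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_decoy(real: bytes, decoy: bytes):
    """Return (ciphertext, real_key, decoy_key) for a single ciphertext."""
    size = max(len(real), len(decoy)) + 2
    size += -size % BLOCK                      # round up to a full block
    real_key = secrets.token_bytes(size)       # truly random pad
    ciphertext = xor(pad(real, size), real_key)
    # The decoy key is derived afterwards: it is whatever maps the same
    # ciphertext onto the decoy plaintext.
    decoy_key = xor(ciphertext, pad(decoy, size))
    return ciphertext, real_key, decoy_key


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return unpad(xor(ciphertext, key))


def key_for(ciphertext: bytes, claimed: bytes) -> bytes:
    """Examiner's view: every plaintext that fits has some matching key,
    so a key that 'works' cannot rule out other contents."""
    return xor(ciphertext, pad(claimed, len(ciphertext)))


if __name__ == "__main__":
    # Constructed sample messages
    ct, k_real, k_decoy = encrypt_with_decoy(b"quarterly results draft v3",
                                             b"lunch order: two sandwiches")
    print(decrypt(ct, k_real))
    print(decrypt(ct, k_decoy))
```

Each key here is as long as the message, which is what makes every plaintext equally consistent with the ciphertext; ciphers with short keys do not have this property.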

In the UK you must provide the decryption key upon being presented with a court warrant. Providing the unencrypted text is not enough, they may force you to hand over the key (which, unfortunately, also allows law enforcement to read all past communications encrypted with that key and not just the communications covered by the court warrant). If required to turn over the encryption key for someone else (eg a boss for an employee) you may not tell the person that uses the encryption key you have revealed it to law enforcement or you face 5 years in jail. This is called a 'tipping off offence'.

As for the EU patent office, they are typical of EU bureaucracy gone mad. The UK had already decided against [slashdot.org] software patents. I hope we see more software groups lining up behind the EuroLinux call.

There seems to be confusion about what a computer language is. The correct answer is

a language for describing partial recursive functions.

A partial recursive function [mit.edu] is a type of function that was introduced by Kurt Gödel, in the 1930s, using mathematical logic. (Also in the 1930s, Alan Turing developed the Turing machine as a model of human thought processes. It was then proven that the partial recursive functions were the same as the functions that could be evaluated by Turing machines. Later, electronic computers were created, and they were well modelled by Turing machines.)

The important point here is that the definition has nothing to do with physical devices. Of course, most computer languages can be understood by particular physical devices (electronic computers), but that is not required--and it only came about later. Even after the advent of electronic computers, some computer languages were still being invented for the purpose of communicating with people. Two good examples illustrating this are APL and MIX.

APL (A Programming Language) was invented by Ken Iverson, a Harvard mathematician. His sole purpose was to have a good way to describe algorithms to people. Physical computers were not even a consideration. Later, other people thought that it would be a good idea to implement the language, and interpreters for computers were crafted, but that was strictly secondary.

MIX was invented by Don Knuth, a Stanford mathematician. His primary purpose was to have a "formal, precise way" to "present the various techniques" detailed in his book Art of Computer Programming (I'm quoting from the preface). Although algorithms described in MIX could be executed on an (idealized) computer, Knuth's primary purpose was to communicate to people.

Both these languages are intended to be used to describe algorithmic calculations, but not all computer languages need do this. Prolog [cmu.edu] is an example, where you just describe the input and output of the program (e.g. input "a list" and output "an ordered list", where "ordered" means "i LE j implies list[i] LE list[j]"), without necessarily describing how to calculate the output. And Prolog was invented primarily to be executed on a computer.

If an algorithm is described in English, then plainly, there are free-speech protections. What if Esperanto were used? Again, free-speech protections should apply, but note that Esperanto is an artificial language. So, I think that the same provisions should apply if the language is APL or MIX. From there, we surely get protection for Prolog, Java, C, etc.: all human-readable languages.

Because a patent does not restrict the speaking i.e. publication, dissemination or expression of the patented matter in any way. In fact, patents themselves are by law not eligible for copyright protection in order to encourage the wide transmittal of the matter being patented. There is no restriction of speech involved.

In fact, a patent is a right of monopoly granted in exchange for full disclosure of what is being patented. Failure to fully disclose the patented is considered patent fraud, and invalidates the patent, and makes the patentee subject to other penalties as well.

The entire purpose of patent law is in fact to encourage people to publish technical art that they would otherwise tend to keep secret for economic reasons.

What is restricted is the use of the matter under patent to achieve the advantage or useful effect under the patent. This is why you can freely publish software programs like LAME that perform operations that are covered by patents - what you cannot do is put them into use without satisfying the license requirements of the patent holder.

That's funny. I was thinking that a power vacuum, US military, or UN martial law would provide a good opportunity to proselytize Christianity and educate women with impunity. Free DVDs were pretty far down on the list.